![]() This adds a new ProtectSystem= setting that mirrors the option of the same of services, but in a more restrictive way. If enabled will remount /usr/ to read-only, very early at boot. Takes a special value "auto" (which is the default) which is equivalent to true in the initrd, and false otherwise. Unlike the per-service option we don't support full/strict modes, but the door is open to eventually support that too if it makes sense. It's not entirely trivial though as we have very little mounted this early, and hence the mechanism might not apply 1:1. Hence in this PR is a conservative first step. My primary goal with this is to lock down initrds a bit, since they conceptually are mostly immutable, but they are unpacked into a mutable tmpfs. let's tighten the screws a bit on that, and at least make /usr/ immutable. This is particularly nice on USIs (i.e. Unified System Images, that pack a whole OS into a UKI without transitioning out of it), such as diskomator. |
||
---|---|---|
.clusterfuzzlite | ||
.github | ||
.semaphore | ||
catalog | ||
coccinelle | ||
docs | ||
factory | ||
hwdb.d | ||
LICENSES | ||
man | ||
mkosi.conf.d | ||
mkosi.images | ||
modprobe.d | ||
network | ||
po | ||
presets | ||
rules.d | ||
shell-completion | ||
src | ||
sysctl.d | ||
sysusers.d | ||
test | ||
tmpfiles.d | ||
tools | ||
units | ||
xorg | ||
.clang-format | ||
.ctags | ||
.dir-locals.el | ||
.editorconfig | ||
.gitattributes | ||
.gitignore | ||
.mailmap | ||
.packit.yml | ||
.pylintrc | ||
.vimrc | ||
.ycm_extra_conf.py | ||
configure | ||
LICENSE.GPL2 | ||
LICENSE.LGPL2.1 | ||
Makefile | ||
meson.build | ||
meson_options.txt | ||
mkosi.conf | ||
mkosi.kernel.config | ||
NEWS | ||
README | ||
README.md | ||
TODO |
System and Service Manager
Details
Most documentation is available on systemd's web site.
Assorted, older, general information about systemd can be found in the systemd Wiki.
Information about build requirements is provided in the README file.
Consult our NEWS file for information about what's new in the most recent systemd versions.
Please see the Code Map for information about this repository's layout and content.
Please see the Hacking guide for information on how to hack on systemd and test your modifications.
Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.
When preparing patches for systemd, please follow our Coding Style Guidelines.
If you are looking for support, please contact our mailing list, join our IRC channel or Matrix channel
Stable branches with backported patches are available in the stable repo.